This story was updated at 12 p.m. EST.
A Russian computer hacker who helped orchestrate a $10 million international bank fraud will avoid jail and serve only a five-year suspended sentence.
Yevgeny Anikin, 27, was part of a cybercriminal ring that in 2008 hacked into the electronic payment service WorldPay, then owned by the Royal Bank of Scotland, and first rigged it to raise customers’ maximum withdrawal limits.
Then, using cloned debit cards, Anikin and his team — in one 12-hour stint — stole $10 million from more than 2,100 ATMs in 280 cities worldwide.
Anikin bought two apartments in Siberia and a luxury car with the stolen money. He has been under house arrest since 2009.
In court yesterday (Feb. 7), Anikin pleaded guilty to the cybercrime and said he had already started to pay back the fraudulent funds.
“I want to say that I repent and fully admit my guilt,” Anikin told the court according to a report from RIA Novosti, Russia's state news agency.
Another member of the gang, Viktor Pletschuk, 29, received a six-year suspended sentence in September 2010.
Suspicious security experts smelled something fishy.
"It's unlikely we'll ever find out how this team of hackers managed to stiff the former RBS card-processing division for an incredibly large sum of money," Phil Lieberman, CEO of security specialists Lieberman Software, told the Help Net Security blog. "The banks are going to great lengths to avoid exposing how insecure their systems really are in an open court."
"I wonder if a stiffer sentence would have been handed out if, say, he had been tried in a U.S. court?" mulled Sophos' Graham Cluley. "Is Russia being tough enough on cybercriminals?"